Block subnets accessing each other in mikrotik

ibrahim1989 · February 3, 2016, 11:35am

Hello ,

I have two subnets in my mikrotik router: Network 1 : 192.168.1.0/24 and Network 2:192.168.5.0/24
I want to allow Network1 to access Network2 , but to deny Network2 access Network1 !!!

By using the rule : /ip firewall filter chain=prerouting src-address=192.168.5.0/24 dst-address=192.168.1.0/24 action=drop
It blocks two networks accessing each-other.

Is there any solution that allows one network to access another one but denies the second one to access the first network ???
Thank you!

Sob · February 3, 2016, 12:29pm

Yes, first allow established and related connections, then allow access from Network1 to Network2 and block the rest. Simplified example:

/ip firewall filter
add chain=forward connection-state=established,related
add chain=forward src-address=192.168.1.0/24 dst-address=192.168.5.0/24
add chain=forward action=drop

First rule makes the difference. If allowed connection is established from Network1 to Network2, connection-state=established,related makes sure that all reply packets from Network2 to Network1 are also allowed, while new connections from Network2 to Network1 are still blocked.

loveman · February 3, 2016, 4:51pm

good idea from Sob

ibrahim1989 · February 4, 2016, 5:29pm

Thank you very much Sob.
I solved it!!!
Best!